SY0-401:4 TS Quiz Application, Data, and Host Security


Your company has recently implemented a new virus scanner application to prevent virus infections on all of the company computers. Management requests that you provide information on how the virus scanner application will protect the computers. What does this application use to detect viruses?
Options:
a checksum
a message digest
a signature file
a private key

Answer: a signature file
Explanation: To determine whether a file is infected with a virus, a virus scanner application compares that file to a signature file. Signature files contain information about viruses, such as examples of virus code and the types of files that a particular virus infects. A hashing algorithm can be used to produce a checksum, which is sometimes referred to as a message digest. After a message digest is created for a file, if the file needs to be checked for modification, then a second message digest can be created and compared to the original. If the two messages match, then the file was not modified. A private key is used in symmetric and asymmetric encryption. A private key should be kept secret.

Match the controls on the left with the object given on the right. Each control will go with only one object. Use the controls where they are the most effective.

Explanation: The controls and the object they use should be matched in the following manner:
Host-based firewall - Web server
GPS tracking - Mobile device
Biometrics - Data center
Sandboxing - Applications
Mobile devices need GPS tracking so that they can be located if lost or stolen. Servers and clients can be protected using host-based firewalls to ensure that only certain communication is allowed with the host. Data centers can be protected using biometric readers to ensure that only users with the appropriate clearance are allowed entry. Applications can use sandboxing to protect the rest of the system and its applications if a security flaw exists.

During a recent security review, a security consultant recommended that your company take certain security measures to increase the network's security. One of his recommendations was to implement a host-based intrusion detection system (HIDS). What is a major problem when deploying this technology?
Options:
It is hard to discover the files that have been altered by an attack.
All incoming network traffic to the host is monitored.
It typically runs as a service or background process.
It must be deployed on each computer that needs it.

Answer: It must be deployed on each computer that needs it.
Explanation: A major problem when deploying an HIDS is that it must be deployed on each computer that needs it. Because the HIDS is installed on the local computer, the computer is completely compromised once a hacker penetrates the HIDS software. With an HIDS, it is easy to discover the files that have been altered by an attack. This is because an HIDS can potentially keep checksums on the files. An HIDS does not monitor all incoming network traffic to the host. An HIDS examines the computer logs, system events, and application events. An HIDS typically runs as a service or background process, but this is not considered a major problem.

During a recent security audit, you discovered that several company servers are not adequately protected. You are working to harden your Web servers. As part of the hardening of the Web servers, you implement filters. What is the purpose of a filter in this scenario?
Options:
It limits the users that are allowed connections.
It limits the traffic that is allowed through.
It locates suspicious traffic.
It prevents the Web server from being infected with viruses.

Answer: It limits the traffic that is allowed through.
Explanation: Filters on a Web server limit the traffic that is allowed through. Access control lists (ACLs) limit the users that are allowed connections. A protocol analyzer can be used to locate suspicious traffic. An anti-virus application would prevent a Web server from being infected with viruses.

Your organization has a custom-designed application for tracking customer contacts. During the design of this application, the developers discovered many error conditions and created the appropriate handlers for these errors. However, you are concerned about errors that could occur but are unknown. Which type of error handler should be created for unknown errors?
Options:
false positive
fail-over
fail-safe
fail-open

Answer: fail-safe
Explanation: A fail-safe error handler should be created for unknown errors. This will ensure that the application stops working, reports the error, and closes down. A false positive is mistakenly flagging an event or error. A fail-over computer is a system that is connected to a primary computer and takes over if the primary computer fails. A fail-open error handler could cause security issues because it would not protect the application in the manner a fail-safe error handler would. While a fail-safe system is best if you need to ensure availability, fail-safe systems can cause security issues. For example, a malicious person can gain access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance if the system is configured to fail safely.

Which Windows Vista component encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen?
Options:
Encrypting File System (EFS)
BitLocker
Internet Protocol Security (IPSec)
Advanced Encryption Standard (AES)

Answer: BitLocker
Explanation: BitLocker is the Windows Vista (and higher) component that encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen. BitLocker is based on Advanced Encryption Standard (AES). EFS is the encryption method used with the NTFS file system. If the NTFS file system is accessible, any files encrypted by EFS are usually accessible. IPSec is an encryption protocol used by virtual private networks (VPNs) to protect data as it is transmitted over a network. AES is an encryption standard. While BitLocker uses AES, AES alone will not provide the needs in the scenario. Full disk encryption is an excellent way to mitigate data loss on both computers and portable devices. For some portable devices, it is possible to use device encryption to protect the contents of the device.

Which Web browser add-in uses Authenticode for security?
Options:
ActiveX
Cross-site scripting (XSS)
Java
Common Gateway Interface (CGI)

Answer: ActiveX
Explanation: ActiveX uses Authenticode for security. Authenticode is a certificate technology that allows ActiveX components to be validated by a server. Users need to be careful when confirming the installation of ActiveX components or controls. Automatically accepting an ActiveX component or control creates an opportunity for security breaches. None of the other options uses Authenticode for security. Cross-site scripting (XSS) is a type of security vulnerability typically found in Web applications that allows code injection by hackers into the Web pages viewed by other users. It is used to trick a user into visiting a site and having code execute locally. Cross-site scripting prevention is best accomplished by using an automated tool to test for XSS. This attack can only be prevented by carefully sanitizing all input that is not known to be secure. Java is a self-contained script that is downloaded from a server to a client and runs within a Web browser. CGI is a scripting method that was used extensively in older Web servers. CGI scripts captured data from users using simple forms.

Internet Explorer is configured to block all pop-ups. You access a research site that implements a required pop-up immediately after login. You must ensure that the pop-up that is implemented after logging in is never blocked. What should you do?
Options:
Hold down Ctrl+Alt while the pop-up opens.
Change the pop-up blocker setting to Medium.
Change the pop-up blocker setting to Low.
Add the Web site to the Allowed sites list on the Pop-up Blocker Settings dialog box.

Answer: Add the Web site to the Allowed sites list on the Pop-up Blocker Settings dialog box.
Explanation: You should add the Web site to the Allowed sites list on the Pop-up Blocker Settings dialog box. This will ensure that the pop-up that is implemented after logging in is never blocked. If you upgrade Internet Explorer and pop-ups are not displaying properly, you should check the Pop-Up Blocker settings. You should not hold down Ctrl+Alt while the pop-up opens. This technique should only be used when you want to view a pop-up once. You should not change the Pop-Up Blocker setting to Medium or Low. This would reduce the security of Internet Explorer and would probably allow more pop-ups than you intended. In addition, there is no guarantee that the pop-up you want to see would not be blocked.

Which technology works with Trusted Platform Module (TPM) hardware?
Options:
EFS
NTFS
IPSec
BitLocker

Answer: BitLocker
Explanation: BitLocker drive encryption works with TPM hardware. TPM is a hardware chip that stores encryption keys. The BitLocker technology encrypts drive contents so that data cannot be stolen. BitLocker can encrypt both user and system files. BitLocker is enabled or disabled by an administrator for all computer users and provides full disk encryption. TPM and hardware security module (HSM) both provide storage for the Rivest, Shamir, and Adleman (RSA) algorithm and may assist in user authentication. TPM is usually included with computers and can be deployed more easily than HSM. None of the other options works with TPM hardware. Encrypting File System (EFS) encrypts the contents of a disk. However, EFS is enabled on a per-user basis and can only encrypt files belonging to the user that enabled EFS. EFS does not require any special hardware or administrative configuration. New Technology File System (NTFS) is the 32-bit file system used by Windows operating systems. Internet Protocol Security (IPSec) is a protocol that protects communication over a network.

Which of the following actions is an example of application hardening?
Options:
Disable default user accounts and passwords.
Install all operating system patches and service packs.
Disable unnecessary protocols.
Implement NTFS on all hard drives.

Answer: Disable default user accounts and passwords.
Explanation: An example of application hardening is to disable default user accounts and passwords used in the application. Application hardening ensures that an application is secure and unnecessary services are disabled. Other application security controls include:
Fuzz testing or fuzzing - a software testing technique, usually automated, that involves providing invalid, unexpected, or random data to the inputs of an application. The application is then monitored for exceptions.
Application configuration baselining - a technique that records the application baseline that can be used later to see if an application's security baseline has changed.
Cross-site Request Forgery (XSRF) prevention - a type of malicious exploit of a Web site where unauthorized commands are transmitted from a user that the Web site trusts. Also referred to as one-click attack or session riding.
NoSQL databases versus SQL databases - NoSQL security is not as robust as SQL security. If NoSQL databases are used, data confidentiality and integrity must be the responsibility of the application. With SQL, data confidentiality and integrity can be handled by the relational database engine.
Installing all operating system patches and service packs, disabling unnecessary protocols, and implementing NTFS on all hard drives are part of hardening the operating system.

What is the best protection against XSS?
Options:
Install an anti-virus application.
Install a pop-up blocker.
Validate all values entered into an application.
Disable the running of scripts.

Answer: Disable the running of scripts.
Explanation: The best protection against cross-site scripting (XSS) attacks is to disable the running of scripts in the browser. You should validate all values entered into an application to prevent data input errors and input-validation vulnerabilities. You should not install an anti-virus application or pop-up blocker because neither of these protect against XSS.

You receive an unsolicited e-mail from an application vendor stating that a security patch is available for your application. Your company's security policy states that all applications must be updated with security patches and service packs. What should you do?
Options:
Click the link embedded in the e-mail message to install the security patch.
Go to the vendor's Web site to download the security patch.
Insert the application's installation CD to install the security patch.
Click the link embedded in the e-mail message to test the security patch.

Answer: Go to the vendor's Web site to download the security patch.
Explanation: You should go to the vendor's Web site to download the security patch. This ensures that you are obtaining the security patch directly from the vendor. If you do not find any information about a new security patch on the vendor's Web site, you are likely the victim of an e-mail scam. You should not click the link embedded in the e-mail message to test or install the security patch. A common method for hackers to infect your systems is to send an official-looking e-mail about software that you need. The only way to ensure that a patch or service pack comes from the vendor is to go to the vendor's Web site. You should not insert the application's installation CD to install the security patch. Original installation CDs will not contain the latest security patches or service packs.

You have been hired as the security administrator for a company. During your first weeks, you discover that most of the client and server computers are not protected from intrusions in any way. For the servers, management wants you to implement a solution that will prevent intrusions on a single server. Which system should you implement to satisfy management's request?
Options:
HIDS
NIDS
HIPS
NIPS

Answer: HIPS
Explanation: You should implement a Host Intrusion Prevention System (HIPS) to prevent intrusions on a single server or computer. A Host Intrusion Detection System (HIDS) detects intrusions on a single server or computer. A Network-based Intrusion Detection System (NIDS) detects intrusions on a network. A Network-based Intrusion Prevention System (NIPS) prevents intrusions on a network. Intrusion prevention systems (IPS) and intrusion detection systems (IDS) work together to complement each other. IPS systems can block activities on certain Web sites. Users may be allowed to access the sites but may be prevented from accessing certain features within the site. In other cases, the entire site may be blocked, depending on the security requirements for the organization. IDS systems detect security breaches and alert administrators of the breaches. They cannot block access to any specific site or entity.

You are responsible for managing the virtual computers on your network. You need to ensure that the host and virtual computers are secure from attacks. Which guideline is important when managing these computers?
Options:
Update the operating system and applications only on the host computer.
Implement a firewall only on the host computer.
Isolate the host computer and each virtual computer from each other.
Install and update the antivirus program only on the host computer.

Answer: Isolate the host computer and each virtual computer from each other.
Explanation: You should isolate the host computer and each virtual computer from each other. None of the other statements is correct when managing virtual computers. You should update the operating system and applications on the host computer and all virtual computers. You should implement a firewall on the host computer and all virtual computers. You should install and update the antivirus program on the host computer and all virtual computers.

What is the purpose of the BitLocker technology?
Options:
It locks your computer so that it cannot be booted.
It encrypts the drive contents so that data cannot be stolen.
It encrypts data as it is transmitted over a network.
It locks your hard drive so that it cannot be booted.

Answer: It encrypts the drive contents so that data cannot be stolen.
Explanation: The BitLocker technology encrypts drive contents so that data cannot be stolen. BitLocker can encrypt both user and system files. BitLocker is enabled or disabled by an administrator for all computer users. It requires Trusted Platform Module (TPM) hardware. BitLocker technology has nothing to do with locking a computer or hard drive. It also does not protect data that is transmitted over a network. Encrypting File System (EFS) can also encrypt the contents of a disk. However, EFS is enabled on a per-user basis and can only encrypt files belonging to the user that enables EFS. EFS does not require any special hardware or administrative configuration.

A user configures the Internet Explorer Pop-Up Blocker's filter to High: Block all pop-ups. However, the user wants to see a pop-up that is being blocked. What should the user do?
Options:
Press Ctrl+Alt while the pop-up opens.
Change the pop-up blocker setting to Medium.
Change the pop-up blocker setting to Low.
Add the site to the Allowed sites list.

Answer: Press Ctrl+Alt while the pop-up opens.
Explanation: You should hold down Ctrl+Alt while the pop-up opens. The High: Block all pop-ups setting blocks all pop-ups. To allow a single pop-up to display, you should hold down the Ctrl+Alt keys when the pop-up opens. You should not change the pop-up blocker setting to Medium. This would reduce the security of Internet Explorer and would probably allow more pop-ups than the user intended. In addition, there is no guarantee that the pop-up the user wants to see would not be blocked. You should not change the pop-up blocker setting to Low. This would reduce the security of Internet Explorer and would allow more pop-ups than the user intended. You should not add the site to the Allowed sites list. This would allow the pop-up to always be displayed. The scenario indicates that the user wants to see the pop-up, but does not indicate that the pop-up should always be displayed. Pop-up blockers primarily protect against malware. Other security controls that can be implemented to protect against malware include anti-virus, anti-spam, and anti-spyware applications.

Your organization has a security policy in place that states that all precautions should be taken to prevent physical theft of mobile devices. Which precaution would prevent this?
Options:
Install a remote sanitation application on each mobile device.
Implement a screen lock on each mobile device.
Implement password protection on each mobile device.
Store mobile devices in a locked cabinet.

Answer: Store mobile devices in a locked cabinet.
Explanation: To prevent physical theft of mobile devices, you should store mobile devices in a locked cabinet or safe. In some cases, you can also purchase cable-lock mechanisms that will lock the mobile device to a desk. This provides mobile device inventory control. None of the other options will prevent physical theft. A remote sanitation application will ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen. A screen lock will act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device. This screen lock will provide device access control because the device cannot be accessed without the proper code entry. Password protection will ensure that the data on the mobile device cannot be accessed unless the password is entered.

Management wants you to provide full disk encryption for several of your organization's computers. You purchase specialized chips that will be plugged into the computers' motherboards to provide the encryption. Of what security practice is this an example?
Options:
TwoFish
GPG
TPM
RipeMD
PAP

Answer: TPM
Explanation: Trusted Platform Module (TPM) is a specialized chip that you install on a computer's motherboard to assist with full disk encryption. TPM has a storage root key that is embedded into the chip. The storage root key is created when you take ownership of the TPM. If you clear the TPM and a new user takes ownership, a new storage root key is created. TwoFish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It does not provide full disk encryption. GNU Privacy Guard (GPG) is an alternative to Pretty Good Privacy (PGP). PGP is a data encryption mechanism that provides privacy and authentication for data communication. PGP is often used for signing or encrypting and decrypting texts, e-mail, files, directories, and whole disk partitions to increase the security of e-mail communications. GPG also provides this function and is a free alternative to PGP. GPG and PGP do not involve the use of a specialized chip. RipeMD is a 160-bit message digest algorithm. There are 128, 256, and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. Password Authentication Protocol (PAP) is an encryption technology in which a user's name and password are transmitted over a network and compared to a table. Typically, the passwords stored in the table are encrypted.

You have been asked to implement hardware-based encryption on a Windows Server 2008 computer. What is required to do this?
Options:
NTFS
EFS
TPM chip
Wake-on-LAN

Answer: TPM chip
Explanation: To implement hardware-based encryption on a Windows Server 2008 computer, you need a Trusted Platform Module (TPM) chip. To implement hardware-based encryption, you need the appropriate management software. Another chip that could be used is a Hardware Security Module (HSM) chip, which is used in public key infrastructure (PKI) and clustered environments. HSMs can be easily added to an existing system. HSM chips can both generate and store keys. TPM chips are permanently mounted on the hard drive and cannot be replaced. Hardware-based encryption is faster than software-based encryption. HSM is the most secure way of storing keys or digital certificates used for encryption of SSL sessions. New Technology File System (NTFS) and Encrypting File System (EFS) are file systems and can be used to implement software-based encryption, not hardware-based encryption. Wake-on-LAN (WOL) is a technology that allows a computer to be turned on by a network message.

What is the best countermeasure for a buffer overflow attack on a commercial application?
Options:
Implement timestamps and sequence numbers.
Implement code reviews and quality assurance on a regular basis.
Update the software with the latest patches, updates, and service packs.
Edit the application code to include bounds checking to ensure that data is of an acceptable length.

Answer: Update the software with the latest patches, updates, and service packs.
Explanation: The best countermeasure for a buffer overflow attack on a commercial application is to update the software with the latest patches, updates, and service packs. A buffer overflow occurs when a buffer receives more data than it is programmed to accept. Buffer overflow attacks exploit poor programming techniques and code review. These attacks are common on Web servers. Input validation is another countermeasure for buffer overflow attacks. Input validation can prevent the input of certain characters that would cause an application or database to lock up. The best countermeasure for a buffer overflow attack on a company-developed, proprietary application would be to edit the application code to include bounds checking to ensure that data is of an acceptable length. The best countermeasure for replay attacks is to implement timestamps and sequence numbers. The best countermeasure for maintenance hooks is to implement code reviews and quality assurance on a regular basis. A buffer overflow attack can be detected using a packet sniffer by examining packets that are being transmitted on your network. A long string of numbers in the middle of a packet is indicative of a buffer overflow attack.

What is meant by the term fail-safe?
Options:
a system's ability to recover automatically through a reboot
a system's ability to preserve a secure state before and after failure
a system's ability to terminate processes when a failure is identified
a system's ability to switch over to a backup system in the event of a failure

Answer: a system's ability to terminate processes when a failure is identified
Explanation: Fail-safe systems provide the ability to automatically terminate the processes in response to a failure. An example would be an automated locking system that defaults to unlock in case of power failure. A controlled system reboot refers to the ability of the system to recover automatically through a reboot. A controlled system is a part of the trusted recovery procedures. Fail-secure state, sometimes called fail-close state, refers to the ability of a system to maintain and preserve the secure state of the system in the event of a system failure. A fail-secure state implies that a system should be able to protect itself and its information assets if critical processes are terminated and if a system becomes unusable. An example would be an automated locking system that defaults to lock in case of power failure. If a system has high security requirements, you should ensure that the system is configured to fail close. If a system has high availability, you should ensure that the system is configured to fail open. Fail-over systems provide the ability to recover by switching over to backup systems in the event of the failure of a primary system. This is also known as recovery control.

When should you install a software patch on a production server?
Options:
immediately after the patch is released
before the patch has been tested
when the patch is in beta format
after the patch has been tested

Answer: after the patch has been tested
Explanation: A patch should be installed on a server after it has been tested on a non-production server and by the computing community. A security patch is a major, crucial update for the OS or product for which it is intended, and consists of a collection of patches released to date since the OS or product was shipped. A security patch is mandatory for all users. It addresses a new vulnerability and should be deployed as soon as possible. Security patches are usually small. A patch should not be installed immediately after it is released or when it is in beta format because a patch that is not thoroughly tested might contain bugs that could be detrimental to server operation. A patch should typically not be deployed before it has been tested on a test server. Patches should not be tested on production servers. Application patch management should follow these same guidelines. A hotfix is a software fix that addresses a specific issue being experienced by certain customers, but has not been fully tested in all environments. Patch management involves installing patches on a test system, verifying the new software changes on the test system, and then installing the patch in the live environment if no undesired outcomes occurred in the test environment. Patch management is the most efficient way to combat operating system vulnerabilities.

Which controls should you implement to mitigate the security risks of Supervisory Control and Data Acquisition (SCADA) systems? (Choose all that apply.)
Options:
application firewall
firmware version control
network segments
ACLs

Answer: application firewall, firmware version control, network segments, ACLs
Explanation: You should implement application firewalls, firmware version control, network segments, and access control lists (ACLs) to mitigate the security risks of SCADA systems. For testing purposes, you should understand the controls that you can implement to protect static environments, including SCADA, embedded environments (printer, smart TV, HVAC), Android, iOS, mainframe, game consoles, and in-vehicle computing systems. The controls that can be implemented in these static environments include the following:
Network segmentation - This allows you to isolate the static environments on their own network. One example is to deploy NIPS at the edge of the SCADA network to protect the SCADA systems from misuse.
Security layers - Security professionals should assess all layers of security, including physical access to static environments. A layered defense model ensures that devices are protected no matter where or how the attack originates.
Application firewalls - This allows you to protect the applications that control the static environments.
Manual updates - While manual updates may be harder to implement than automatic updates, manual updates can ensure that updates are thoroughly tested before being implemented in the live environment. Updates can have unexpected consequences if they are implemented without being fully tested.
Firmware version control - This ensures that only firmware updates from the vendor are implemented in static environments. If an unauthorized version of firmware is installed, attackers may be able to access the environment.
Wrappers - These are used to secure communication between the management system and the remote administrator.
Control redundancy and diversity - Redundancy ensures that there are multiple ways to control the static environment. Diversity ensures that the controls can be implemented across multiple platforms or operating systems. If there is a vendor-specific vulnerability in critical industrial control systems, you can support availability by incorporating diversity into redundant design.

Which of the following concerns should you have when researching cloud storage for your organization? (Choose all that apply.)
Options:
data at rest
data in transit
network throughput
auditing

" Answer: data at rest data in transit network throughput auditing Explanation: You should be concerned about data at rest, data in transit, network throughput, and auditing when choosing a cloud storage provider. For data at rest and data in transit, some form of encryption should be used to protect the data. The available network throughput is important because network throughput may degrade over time. Auditing is important to ensure that you can investigate any security issues. It is important that you implement the appropriate security controls to ensure data security in the following technologies: Storage area network (SAN) - Access to the SAN is vital to any organization that implements them. Organizations should limit the physical access to the SAN by placing the SAN in a secure location. You should implement user authentication and authorization to protect access to the SAN. You may also want to implement SAN zoning, which is a method of arranging SAN devices into logical groups over the physical configuration of the fabric. Finally, data in transit issues for the SAN can best be determined by performing a risk assessment and vulnerability analysis. Any identified issues should be addressed. Handling big data - When handling big data for your organization, you need to implement many of the same security controls as with any other data, including authentication, authorization, and encryption. With big data, it is important that you implement the security controls as close as possible to the data they are designed to protect. Data encryption - Data can be encrypted at many levels, including full disk encryption, database encryption, individual file encryption, removable media encryption, and mobile device encryption. Full disk encryption, also referred to as hard drive encryption, encrypts the entire contents of a hard drive. Database encryption encrypts at the database level. 
Individual file encryption encrypts files usually using the encryption feature of the operating system. Removable media encryption encrypts the entire contents of removable media. Mobile device encryption encrypts the entire contents of a mobile device. When protecting data, you must consider data in all of its states: data in-transit, data at-rest, and data in-use. Any one of these states can be exploited by an attacker. Implementing controls to protect data in all of these states is crucial. Access control lists (ACLs) and permissions should also be configured to protect data. Even if you deploy security controls at other levels, you are not protecting your data efficiently if you do not configure your ACLs appropriately. "

" Which method is NOT recommended for removing data from a storage media that is used to store confidential information? formatting zeroization degaussing destruction "

" Answer: formatting Explanation: Formatting is not a recommended method. Formatting or deleting the data from a storage medium, such as a hard drive, does not ensure the actual removal of the data, but instead removes the pointers to the location where the data resides on the storage medium. The residual data on the storage medium is referred to as data remanence. The main issue with media reuse is remanence. The residual data can be recovered by using data recovery procedures. This can pose a serious security threat if the erased information is confidential in nature. Sanitization is the process of wiping the storage media to ensure that its data cannot be recovered or reused. Sanitization includes several methods, such as zeroization, degaussing, and media destruction. All of these methods can be used to remove data from storage media, depending on the type of media used. Most storage media with a magnetic base can be sanitized. However, CDs and DVDs often cannot be degaussed. If this is the case, the only option is physical destruction of the CD or DVD. Zeroization implies that a storage medium is repeatedly overwritten with null values, such as multiple ones and zeros, for sanitization. Zeroization is generally used in a software development environment. Degaussing is the process of reducing or eliminating an unwanted magnetic field on a storage medium. Degaussing sanitizes storage media by using magnetic forces. Degaussing devices produce powerful opposing magnetic fields that reduce the magnetic flux density of the storage medium to zero. Degaussing is the preferred method for erasing data from magnetic media, such as floppy disks, hard drives, and magnetic tapes. Media destruction implies physically destroying the media to make it unusable. Security of the storage media can be crucial if the data stored is of a confidential nature. Some storage media, such as CD-ROMs, cannot be sanitized due to the lack of a magnetic base. 
Therefore, it is recommended that you physically destroy them to prevent disclosure of confidential information. Media viability controls are used to protect the viability of data storage media. Media viability control measures include proper labeling or marking, secure handling and storage, and storage media disposal. When implementing appropriate controls to ensure data security, you need to design the appropriate data policies, including the following: Data wiping - ensures that the contents of the media are no longer accessible. Data disposing - destroys the media to ensure that media is unusable. Data retention - ensures that data is retained for a certain period. The data retention policies should also define the different data types and data labeling techniques to be used. Data storage - ensures that data is stored in appropriate locations. In most cases, two copies of data should be retained and placed in different geographic locations. If an administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use, he should implement cluster tip wiping. A cluster tip is the unused space in a cluster. If you have a file written on 7.1 clusters, there will be a 0.9 cluster tip with old or zero data. Cluster tips could contain some sensitive information. "

" What is the purpose of anti-spam applications? to prevent virus infection to prevent unsolicited e-mail to prevent spyware infection to prevent pop-ups "

" Answer: to prevent unsolicited e-mail Explanation: The purpose of an anti-spam application is to prevent unsolicited e-mail. The purpose of an anti-virus application is to prevent virus infection. The purpose of an anti-spyware application is to prevent spyware infection. The purpose of a pop-up blocker is to prevent pop-ups. "

" Which mobile device feature is a security concern because it can reveal location information? geotagging remote wiping white-listing screen lock "

" Answer: geotagging Explanation: Geotagging is the mobile device feature that is a security concern because it can reveal location information. This feature embeds unseen code in a picture that records the longitude/latitude information of where the picture was taken. None of the other features is a security concern. They are all security solutions for mobile devices. Remote wiping allows you to remotely wipe the contents of a mobile device. White-listing permits certain applications to be installed and run on mobile devices. Black-listing is the opposite of white-listing, and prevents the installation of certain applications. A screen lock prevents users from accessing the mobile device unless they know the code. When considering applications that can be installed on mobile devices, you need to understand the following concepts for the Security+ exam: Key management - You should take measures to ensure that all keys are protected. Measures that you can use include implementing device encryption to protect the keys while stored and using IPSec to protect the keys during transmission. Credential management - You should implement solutions that allow you to manage credentials for users to ensure that mobile devices are only accessed by valid users. In addition, you should ensure that the protocols that you use do not transmit credential information in plaintext. Authentication - If possible, you should require your mobile applications to authenticate users before allowing access. This ensures that applications are only accessed by valid users. Geotagging - Geotagging attaches certain location information to pictures and videos. In most mobile devices, this feature can be disabled. Encryption - Applications often request personally identifiable information (PII) that should be protected. In addition, they often transmit PII and other confidential information. Therefore, you should employ encryption to protect the data in storage and in transmission. 
Application white-listing - Application white-listing allows administrators to configure a list of applications that are allowed to run on a mobile device. In some cases, it also includes a way of checking the hash value of the application to ensure data integrity. Transitive trust/authentication - Transitive trust occurs when federated user identities allow users to access multiple applications, devices, and resources using a single authentication. A trusted computing base is established as the basis of federated user identity. Enterprises should ensure that any entities allowed into the trusted computing base are fully protected. "

" Which update type makes repairs to a computer during its normal operation so that the computer can continue to operate until a permanent repair can be made? service pack support pack hotfix patch "

" Answer: hotfix Explanation: A hotfix makes repairs to a computer during its normal operation so that the computer can continue to operate until a permanent repair can be made. It usually involves replacing files with an updated version. A hotfix can also be referred to as a bug fix. A service pack or support pack is a comprehensive set of fixes combined into a single product. Service packs generally include all hotfixes and patches. A support pack is another term used for service packs. Patches are temporary fixes to a program. Once more data is known about an issue, a service pack or hotfix may be issued to fix the problem on a larger scale. "

" On which devices are you most likely to use a remote wipe process? routers firewalls mobile devices servers "

" Answer: mobile devices Explanation: You are most likely to use a remote wipe process on mobile devices. A remote wipe or sanitization process would erase all of the data on the mobile device in the event that the mobile device is lost or stolen. Other security mechanisms used for mobile devices include screen locks, strong passwords, device encryption, voice encryption, and GPS tracking. Screen locks prevent users from accessing the mobile device until a password or other factor is entered. Strong passwords ensure that mobile devices cannot be accessed unless the password is entered. They also ensure that the password is hard to discover using a password attack. Full device encryption ensures that the contents of the mobile device are encrypted. Voice encryption ensures that conversations cannot be eavesdropped on. GPS tracking allows a mobile device to be located. However, GPS tracking can also be considered a security threat and is often disabled. It is not as likely that you will use a remote wipe process on routers, firewalls, or servers. "

" Last year, a new anti-virus application was purchased for your company. The application was installed on all servers and client computers. Recently, you discovered that the anti-virus application was not installed in your company's virtualization environment. You have been asked to install the antivirus application in your virtualization environment. Where should you install the antivirus application? on the host computer only on each virtual computer only on the physical computer only on both the host computer and all virtual computers "

" Answer: on both the host computer and all virtual computers Explanation: You should install the antivirus application on both the host computer and all virtual computers. Virtual machines can be compromised with viruses just like a physical computer. Virtualization allows you to implement virtual computers on your network without purchasing the physical hardware to implement the server. Virtualization allows you to isolate the individual virtual machines in whatever manner you need. However, all virtual machines located on a virtual host are compromised if the virtual host is compromised. Therefore, it is important to not limit your implementation of the appropriate security measures to the virtual host. You should also implement the appropriate security measures on each virtual machine, including implementing antivirus software and using the principle of least privilege. You should not install the antivirus application on the host computer only, on each virtual computer only, or on the physical computer only. Because virtual machines can be compromised with viruses just like a physical computer, you should ensure that the antivirus software is installed on both the host computer and each virtual computer. "

" Which application hardening method requires that your organization periodically check with the application vendor? fuzz testing footprinting baselining patch management "

" Answer: patch management Explanation: Patch management requires that your organization periodically check with the application vendor. Vendors usually announce the release of patches and updates so that users can deploy them on their computers. Fuzz testing, footprinting, and baselining do not require that your organization periodically check with the application vendor. Fuzz testing is used to identify bugs and security flaws within an application. Footprinting gathers data about a network to discover possible security issues. Baselining is the process of comparing performance to a recorded metric. "

" Every time a user accesses a particular site, he notices that another Web site has opened in the background. What caused this? XSS ActiveX pop-up pop-under "

" Answer: pop-under Explanation: When a Web site opens in the background, it is a pop-under. Pop-unders are in the same family as pop-ups and should be prevented by enabling a pop-up blocker on the user's computer. Cross-site scripting (XSS) is not the cause of this problem. XSS is a type of security vulnerability typically found in Web applications that allows code injection by hackers into the Web pages viewed by other users. It is used to trick a user into visiting a site and having code execute locally. ActiveX is not the cause of the problem. ActiveX customizes controls, icons, and other Web-enabled systems to increase their usability. ActiveX components and controls are downloaded to the client. A pop-up occurs when a Web site is opened in the foreground, not the background. "

" You need to ensure that USB flash drives issued by your organization are protected by encryption. What should you implement? Encrypting File System BitLocker To Go Data Encryption Standard Advanced Encryption Standard "

" Answer: BitLocker To Go Explanation: You should implement BitLocker To Go to ensure that USB flash drives issued by your organization are protected by encryption. USB flash drives are considered to be a security issue because of their portability and the amount of data they can store. Organizations should ensure that USB flash drive usage is limited and controlled. BitLocker To Go can be used on many types of removable media. If you have a Windows Server 2012 network, you can deploy the appropriate group policies to ensure that all USB drives use USB encryption and BitLocker To Go. Encrypting File System (EFS) is used to encrypt individual files, not entire drives. Because you need to ensure that the entire drive is encrypted, you need to implement BitLocker. There are other encryption systems that provide file-level, folder-level, and database-level encryption. Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are cryptographic algorithms used to confidentially transmit data. BitLocker is available in Windows 7. It provides a means to encrypt an entire volume with 128-bit encryption. TPM and HSM work with BitLocker, but BitLocker can be used without a TPM or HSM chip. Access mechanisms to data on encrypted USB hard drives must be implemented correctly. If they are not, user accounts may be inadvertently locked out because the users do not have the appropriate password to access the drive. "

" Your company issues mobile devices to certain personnel. You enable a screen lock on each of the devices that requires users to enter a code. You need to ensure that the device cannot be used if a wrong code is entered five times in a row. What should you do? Enable remote wiping. Enable full device encryption. Enable lockout. Disable the GPS. "

" Answer: Enable lockout. Explanation: You should enable lockout to ensure that the device cannot be used if a wrong code is entered five times in a row. In most cases, the lockout feature can be enabled remotely if you cannot locate the device. Remote wiping is a useful security feature that allows a mobile device to be reset to factory defaults. When a device is lost or stolen, an administrator executes the remote wipe. While remote wiping should be enabled to protect the mobile devices and their contents, it cannot ensure that the device will not function if a wrong code is entered five times in a row. The remote wiping feature is usually employed after enabling mobile device lockout, and only if the owner cannot locate the device. Full device encryption is a security feature that encrypts a mobile device's contents. It cannot ensure that the device will not function if a wrong code is entered five times in a row. The GPS feature allows a mobile device to be located. It cannot ensure that the device will not function if a wrong code is entered five times in a row. Other mobile device security issues that you should understand for the Security+ exam include: Application control - Your organization should have a clearly defined policy that stipulates which applications are allowed or not allowed on organization-issued mobile devices. If possible, you should implement a centralized solution that will allow you to control the applications. Storage segmentation - Your organization should segment the storage to ensure optimal performance. This also ensures that all your data is not in the same physical location. Asset tracking - Your organization should employ asset tracking using the device's GPS and appropriate management software. Policies should be enforced to ensure that the GPS and tracking software cannot be disabled by users. Mobile device management - This type of software secures, monitors, manages, and supports mobile devices deployed across enterprises. 
It supports multiple mobile device platforms. Removable storage - Any removable storage devices that are used by an organization should be encrypted to protect the contents. Encryption keys should be stored in a central location. Disable unused features - Always disable unused features, services, and applications. Keep in mind that any feature that is enabled can be used by an attacker to hack into the mobile device. "

" What is the BEST method to avoid buffer overflows? Run an audit trail. Perform a check digit. Perform a reasonableness check. Execute a well-written program. "

" Answer: Execute a well-written program. Explanation: A well-written program is the best method to prevent buffer overflow errors. A buffer overflow occurs when the input data is longer than the buffer allocated to hold it can accommodate. Buffer overflow is caused when input data is not verified for appropriate length at the time of input. Buffer overflow and boundary condition errors are examples of input validation errors. Audit trails and file integrity checks are examples of security controls in a trusted application system. Security controls cannot control buffer overflow, but can assist in monitoring unauthorized activity on either an application or a system. A check digit, also referred to as a checksum, provides data integrity by computing hash values. A checksum occurs when either a source application or a system uses a mathematical formula to compute a hash value against a standard input and sends the value to the destination. After receiving the data, the receiving application performs the same mathematical operation. If the hash values match, the data is considered acceptable. If the hash values do not match, the data is discarded. Check digits neither prevent nor detect buffer overflows. A reasonableness check verifies whether the data within an application program lies within the predefined limits and format. For example, an application meant for processing numbers should not accept alphabetical characters as a valid input. Reasonableness checks monitor the data input format, not buffer overflows. "

" What is the purpose of patch management? It is used to identify bugs and security flaws within an application. It gathers data about a network to discover possible security issues. It requires that your organization periodically check the application vendor to ensure that the application is kept up-to-date. It ensures that all systems have the same basic security elements. "

" Answer: It requires that your organization periodically check the application vendor to ensure that the application is kept up-to-date. Explanation: Patch management requires that your organization periodically check with the application vendor. Vendors usually announce the release of patches and updates so that users can deploy them on their computers. Patch management should be implemented for all operating systems and applications in use to ensure that all operating systems and applications are protected from security attacks. Fuzz testing, footprinting, and baselining do not require that your organization periodically check with the application vendor. Fuzz testing is used to identify bugs and security flaws within an application. Footprinting gathers data about a network to discover possible security issues. Baselining ensures that all systems have the same basic security elements. "

" Recently, your organization has had several devices stolen from one of your warehouses. These devices are accessed 24 hours a day. Management has requested that you take measures to protect against the theft of these devices in the future. Which solution should you deploy? locked cabinets safe sandboxing cable locks "

" Answer: cable locks Explanation: You should deploy cable locks to protect against the theft of mobile devices from the warehouses. Cable locks should be used to prevent the theft of any mobile devices, including laptops, even if the area itself is considered secure. Cable locks are an added security measure in secure locations, but are vital in non-secured locations. Cable locks are not an effective solution for laptops that are issued to employees for travel purposes. In these cases, it is best to implement some kind of biometric or smart card authentication to protect the laptop while it is being used remotely. While locked cabinets would prevent physical theft, this solution is not as practical because the mobile devices are accessed 24 hours a day. Locked cabinets are best for storage of mobile devices overnight or for a prolonged period, particularly if the devices are only issued to employees when needed. While a safe would also prevent physical theft, this solution also is not practical for the same reason. Safes are even better than locked cabinets because they are much harder to break into or remove from the premises. Depending on the number and value of mobile devices, your organization may decide that a safe is the best option. Sandboxing is a security method of isolating applications or devices from each other. Sandboxes have nothing to do with physical security. For example, if a company is about to release a very large patch to its customers and the administrator is required to test patch installations several times prior to distributing them to customer PCs, the administrator should create a virtualized sandbox and utilize snapshots to test the patching process quickly and often. When designing security solutions for hosts, you should address the following issues: Operating system security and settings - You should employ the security mechanisms included with the operating system (OS). 
In Windows computers you can use the local group policy settings to help. In a domain environment, you can employ domain security policies to enforce corporate security measures, including password policies, account lockout policies, and so on. OS hardening - You should harden the operating system for all devices. This includes removing or disabling all unused accounts, changing passwords for default accounts, and disabling unused services and protocols. Anti-malware - Deploy anti-virus, anti-spam, anti-spyware, and pop-up blockers to protect all hosts. Patch management - All hosts should be updated with all service packs, hotfixes, and updates as released by the vendors. Large organizations may need to deploy centralized patch management solutions to ensure that all hosts are updated in a timely manner. White-listing versus black-listing applications - White-listing applications is the process of configuring which applications are allowed on hosts. Black-listing applications is the process of configuring which applications are NOT allowed on hosts. Arguments for each of these mechanisms abound. With white-listing, only the specific applications on the white-list will be allowed to launch. No black-listed applications will be allowed to launch. Trusted OS - Organizations should establish which trusted OSs will be permitted on the network. Devices that run non-trusted OSs should not be allowed to connect to the network. Host-based firewalls - Host-based firewalls are deployed at the host and protect the hosts from attacks. This type of firewall, however, can impede the performance of a host. Host-based intrusion protection - Host-based intrusion protection can protect the host from intrusions. Hardware security - Hardware security includes the physical security measures mentioned in this question: cable locks, safes, and locked cabinets. Host software baselining - You should obtain a security baseline from all hosts. 
This baseline can be used for comparative purposes later. "

" Your company has recently decided to implement a BYOD policy for the network. Management has asked you to write the initial BYOD security policy. Which of the following should be included as part of this policy? (Choose all that apply.) data ownership patch management application white-listing and black-listing support ownership "

" Answer: data ownership patch management application white-listing and black-listing support ownership Explanation: All of the listed options should be included as part of a corporate BYOD security policy. While BYOD is becoming more popular today, experienced security professionals should consider all of the ramifications of allowing these devices on your network. Security issues with BYOD include: Data ownership - Organizations should ensure that BYOD users understand who owns the data that resides on the user's device. While the device will contain mostly user-owned information, any data that is downloaded to the device from the corporate network will still belong to the company. Users should be given guidance on how to ensure this corporate data is protected. Support ownership - Depending on the issue, users may contact an organization's support staff for help with their mobile device. All organizations should specifically state which issues will be addressed by their technical staff and which issues should be the responsibility of the mobile device vendor or owner. If you do not set a policy for this support, you may find that your technical staff's time is being wasted on non-organizational issues. Patch management - Like any other device, mobile devices require patch management. In most cases, mobile devices and the applications that are running on them can be configured to automatically install any vendor patches. An organizational BYOD policy should include guidance on patch management. It may also be helpful if you document the devices used by your personnel and send them reminders when vital patches are released by the mobile device vendors. Anti-virus management - No mobile device is immune from viruses. Any BYOD policy implemented by an organization should include clauses regarding the use of anti-virus software. While you cannot control which product a user implements, your policy can ensure that anti-virus software is used. 
Forensics - All organizations that allow the use of personal mobile devices should ensure that the users will allow investigators access to their private devices if attacks occur. Security professionals who perform the forensic investigations should receive training on the proper forensic procedures for mobile devices. Privacy - If your organization allows personal mobile device usage on its network, the organization must still ensure that personal user information is protected. Any BYOD policy that is adopted should specifically state which data the organization can collect from the device and which data the organization cannot collect. On-boarding/off-boarding - A procedure for adding the personal devices to the network should be formally adopted. In addition, the human resources department's employee termination policies should be edited to include notification to remove any access granted to the user's personal device. Adherence to corporate policies - While a user's personal device usually does not adhere to all corporate policies, you should ensure that your company's BYOD policy includes any corporate policies that are vital for security. Also, you need to consider implementing corporate policies that control the usage of personal devices. If users are able to save company data on their mobile devices, you should provide maximum security by configuring the devices to disable removable media use. User acceptance - Many users may be reluctant to use their personal devices on a corporate network. Any user security awareness training should include training on all facets of mobile device security, including reassurance that your organization will not collect personal data from mobile devices unless absolutely necessary. Architecture/infrastructure considerations - Adding mobile devices to your organization's network may create performance issues. 
You should regularly monitor the changes to the performance of your resources to ensure that you maintain the appropriate service level after the BYOD policy is implemented. Legal concerns - Your organization should obtain legal counsel on the implications of allowing the use of personal devices. If the proper policies are not in place, corporate data that is placed on the mobile device can be compromised. This can result in damage to the company's reputation and even legal action taken against the company. Acceptable use policy - An acceptable use policy will ensure that users understand what they are allowed to do with the mobile devices on the corporate network. The acceptable use policy should include information on all of the security issues in this list. On-board camera/video - Because mobile devices today include on-board camera/video, it is important to specifically state to the users their limitations on using the camera in a corporate setting. "

" You are responsible for managing a Windows Server 2008 computer that hosts several virtual computers. You need to install the latest patches for the operating system. Where should you install the patches? on the host computer only on each Windows Server 2008 virtual computer only on the physical computer only on both the host computer and all Windows Server 2008 virtual computers "

" Answer: on both the host computer and all Windows Server 2008 virtual computers Explanation: You should install the patches on both the host computer and all Windows Server 2008 virtual computers. Virtual machines can be compromised just like a physical computer. You should not install the patches on the host computer only, on each Windows Server 2008 virtual computer only, or on the physical computer only. Because virtual machines can be compromised just like a physical computer, you should ensure that the patches are installed on both the host computer and each Windows Server 2008 virtual computer. When selecting host security solutions, you should also consider the following when working with virtualization servers: Snapshots - A snapshot is a virtual machine (VM) image at a particular point in time. It contains an image of the VM's disk, RAM, and devices at the time the snapshot was taken. You can take snapshots of your VMs no matter what guest OS you have. Patch compatibility - Some operating system or application patches can disable or cause problems with virtualization. You should ensure that the patch does not cause issues before you deploy the patch on all VMs. Host availability/elasticity - All VMs on a single host server are limited by the amount of hardware in the host machine. All virtual machines must share these resources. You should ensure that the host machine contains enough hardware to allow the VMs to function. Secure control testing - All security controls that are implemented on a VM should be thoroughly tested before being deployed in a live environment. Sandboxing - Virtual machines emulate a host computer on which a conventional operating system may boot and run as on actual hardware. The guest operating system runs sandboxed in the sense that it does not function natively on the host and can only access host resources through the emulator. "

" Which type of validation controls can be placed on the client side? access controls pre-validation controls post-validation controls input validation "

" Answer: pre-validation controls Explanation: Pre-validation controls can be placed on the client side. Parameter validation occurs when the parameter values entered into the application are validated before they are submitted to the application to ensure that the values lie within the server's defined limits. Pre-validation controls are input controls that are implemented prior to submission to the application. These controls can occur on the client, the server, or both. Client-side validation is usually faster than server-side validation because the data does not have to be transmitted to the server. Access controls are not validation controls. Access controls limit access to resources to authorized users. Post-validation controls occur when an application's output is validated to be within certain constraints. Input validation is not a type of validation control. Input validation verifies the values entered by the user. Input validation is the required remediation if a Web application is vulnerable to SQL injection attacks because it ensures that certain characters and commands entered on a Web server are not interpreted as legitimate, nor passed on to back-end servers. Input validation and exception handling are secure coding concepts. With exception handling, the programmer uses exceptions to handle logic and runtime errors. When data integrity is critical to the organization, input validation in a client-server architecture should be performed on the server side. Parameter validation validates parameters that are defined within the application. "

" What is cross-site request forgery (XSRF)? when a script on a Web site is configured to manipulate a computer other than the Web server when unexpected values are provided as input to an application to make the application crash when unauthorized commands are executed on a Web server by a trusted user when network data is gathered to discover ways to intrude on the network "

" Answer: when unauthorized commands are executed on a Web server by a trusted user Explanation: Cross-site request forgery (XSRF) occurs when unauthorized commands are executed on a Web server by a trusted user. Fuzzing occurs when unexpected values are provided as input to an application to make the application crash. Cross-site scripting (XSS) occurs when a script on a Web site is configured to manipulate a computer other than the Web server. Footprinting occurs when network data is gathered to discover ways to intrude on the network. "
